With World Password Day approaching on 7 May, ManageEngine South Africa is highlighting the importance of stronger password practises as cyber risks continue to rise for local businesses.
According to David C. Howell, Regional Sales Director at ManageEngine South Africa, many organisations are under mounting pressure to move beyond outdated password habits as cybercriminals continue to exploit weak or reused credentials. “Password security remains one of the simplest yet most frequently overlooked elements of cybersecurity. In South Africa, where businesses are rapidly accelerating digital transformation and employees often work across multiple devices and networks, the risks linked to poor password hygiene are becoming more pronounced,” said Howell.
Local data supports this concern. A TransUnion report shows that the account login stage has the highest rate of suspected digital fraud in the consumer life cycle in South Africa, driven by attempts at account takeover using stolen credentials, intercepted one-time passwords, and social engineering tactics. Often, attackers do not need sophisticated tools, instead exploiting compromised login details and human behaviour to gain access to accounts.
Howell added that this challenge is not unique to the local market, with global research reinforcing how persistent the problem remains. The Verizon 2025 Data Breach Investigations Report found that credential abuse remains the most common initial access vector in breaches, involved in over 22% of all confirmed non-error, non-misuse incidents.
“This demonstrates that even with advances in security tools, compromised credentials are still one of the easiest ways for attackers to gain access,” Howell explained. “We are seeing a clear shift towards passwordless authentication and stronger identity and access management frameworks, but adoption is still uneven, particularly among SMEs. The priority should be simple, practical steps: stronger passwords, multi-factor authentication, and better control over who has access to what.”
As organisations continue to expand their digital footprint, strengthening identity and access controls is a fundamental requirement for protecting systems, customer data, and user trust in an evolving threat landscape.
